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that  his  new  database  won't  contain  a 
single  bit  of  bad  data.  And  he  comes 
up  with  a  simple,  yet  briltiant.  plan  for 
achieving  that  goal. 
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moth.  And  co-founder  is 

reportedly  concerned  about  employ¬ 
ees  feeling  too  entitled  as  the  search 


giant  deals  with  cultural  changes,  staff 


friction  and  adolescent  angst. 
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■  EDITOR’S  NOTE 

Don  Te 


A  Dimension  Lost 


AST  WEEK,  I  had  the  good  fortune  of  coming 
across  a  column  written  by  Kip  Layton  Jr.,  a  school 
administrator  in  the  tiny,  remote  village  of  Eek, 
Alaska.  It  wasn’t  fortunate  simply  by  virtue  of  the 
entertainment  I  derive  from  being  able  to  mention  a  place 
called  Eek.  Layton’s  column  provided  a  valuable  insight  into 
what  our  kids  have  missed  out  on  by  virtue  of  their  ties  to 
the  Internet. 


Obviously,  access  to 
computers  in  general 
and  the  Internet  in  par¬ 
ticular  is  a  godsend,  and 
the  sooner  such  access  is 
universal,  the  better.  But  I 
was  intrigued  by  Layton's 
article,  in  which  he  wrote 
about  what  happened  re¬ 
cently  when  his  school  lost 
its  Internet  connection. 

Suddenly,  an  ecology 
class  being  broadcast  to 
his  rural  school  went  off 
the  air,  students  felt  unable 
to  write  their  papers,  and 
teachers  were  in  a  quan¬ 
dary  without  their  Smart 
Boards  (computerized 
interactive  whiteboards). 
Layton  lamented  the  cloud 
of  helplessness  that  settled 
over  the  school  and  harked 
back  to  “a  time  when 
learning  and  communica¬ 
tion  had  a  more  meaning¬ 
ful,  personal  touch.” 

The  episode  reminded 
me  of  a  column  I  wrote 
several  years  back,  titled 
“The  Lost  Art  of  Hand¬ 
writing."  That  column  was 
picked  up  by  a  number  of 
IDG  publications  around 


the  world,  and  1  can’t  think 
of  anything  I've  written 
that  drew  a  more  global 
response  from  readers 
who  identified  with  my  ex¬ 
perience.  Here's  a  lightly 
edited  excerpt,  offered  as  a 
toast  to  Layton’s  piece: 

I  have  a  19-year-old  son 
who  is  absolutely  brilliant. 
He  finished  high  school  with 
a  4.0  grade-point  average, 
scored  a  1500  on  the  SAT, 
and  was  accepted  for  ad¬ 
mission  to  the  U.S.  Naval 
Academy.  Yet  this  brilliant 
young  man  has  the  hand¬ 
writing  of  a  4-year-old.  It’s 
humiliating.  And  why  is 
this  the  case?  Because  he 
grew  up  in  front  of  a  key¬ 
board.  Virtually  everything 
he  ever  did  involving  the 
written  word  was  typed. 

If  there's  anything  good 

■  The  scrawl  of 
my  younger  son 
looks  like  he  was 
holding  the  pen 
between  his  toes. 
With  frostbite. 


to  say  about  his  handwrit¬ 
ing  at  all,  it’s  that  it’s  not 
quite  as  horrible  as  the 
“handwriting"  of  my  14- 
year-old  son,  who  has  even 
less  experience  away  from 
a  computer  and  whose 
scrawl  looks  like  he  was 
holding  the  pen  between  his 
toes.  With  frostbite. 

You  no  doubt  have  seen 
the  same  thing.  People  over 
35 generally  have  lovely 
handwriting.  The25-to-35 
age  group  has  decent  hand¬ 
writing.  And  the  under-25 
crowd  is  a  legibility  laugh¬ 
ingstock.  It’s  all  because  of 
computers.  And  it’s  kind  of 
a  shame. 

I  had  lost  sight  of  just 
how  much  of  a  shame  it  re¬ 
ally  is  until  just  these  past 
six  weeks  since  my  son  has 
been  at  the  Naval  Acade¬ 
my.  He  hasn’t  had  access  to 
a  computer  all  this  time,  so 
the  only  way  to  correspond 
with  him  has  been  by  post. 

I  clearly  could  have  written 
the  letters  on  my  computer 
and  printed  them  out,  but  I 
didn't.  I  suppose  the  reason 
is  that  I  can  remember  as  a 


kid  getting  letters  from  my 
mom  and  dad  and  notic¬ 
ing  their  different  styles  of 
handwriting  and  appreciat¬ 
ing  that  unique  personal 
expression. 

I  wanted  my  son  to  see 
that  same  expressiveness 
and  individuality  and  per¬ 
sonality  in  my  correspon¬ 
dence  with  him,  so  I've  been 
writing  my  letters  to  him 
longhand.  Six  weeks  ago,  I 
probably  would  have  said 
I  don't  have  time  to  write 
letters  longhand.  Turns  out 
Ido. 

My  son  will  be  getting 
his  computer  in  a  couple  of 
weeks,  and  our  correspon¬ 
dence  will  no  doubt  shift 
to  e-mail  and  IM  —  the 
convenience  and  timeliness 
are  just  too  compelling.  And 
I  probably  won't  get  around 
to  writing  letters  longhand 
anymore.  It  would  be  silly,  I 
suppose,  because  the  letters 
would  be  so  dated.  Too  bad. 

Don't  get  me  wrong. 

I’m  grateful  that  we  have 
e-mail  and  IM,  I  really  am. 
And  it’s  a  terrific  thing  that 
the  kids  in  Eek  have  access 
to  the  Internet.  But  I  have 
a  feeling  that,  given  the 
chance,  those  kids  would 
enjoy  learning  about  what 
Layton  called  “those  little 
white  cards  in  that  myste- 
chest  in  the  library” 
ich  as  I  loved  writing 
those  letters.  ■ 

Don  Tennant  is  editorial 
director  of  Computerworld 
and  InfoWorld.  Contact 
him  at  don_tennant@ 
computerworld.com,  and 
visit  his  blog  at  http:// 
blogs.computerworld.com/ 


Microsoft.  Oracle  Get  Busy 
Plugging  Security  Holes 


ICROSOFT  CORP.  |  soft’s  Exploitability  Index,  there  is  usually  a  < 


Gartner  Inc.  began  its  Sympo- 
sium/ITxpo  2008  conference 
in  Orlando  last  week  with  a 
grim  parade  of  recommenda¬ 
tions  related  to  the  economic 
downturn.  How  grim?  No.  1 
on  the  consulting  firm's  list 
of  what  IT  execs  should  pre¬ 
pare  for  were  hiring  freezes 
-  and  possibly  even  layoffs. 

“The  next  big  thing  in  IT  is 
not  a  technology  -  it  is  cost 
reduction,  risk  manage¬ 
ment  and  compliance,"  said 
Peter  Sondergaard,  who 


heads  Gartner's  worldwide 
research  operations. 

Gartner,  which  said  late  last 
month  that  it  didn't  expect  a 
recession  in  IT  spending,  has 
ratcheted  down  its  growth 
forecast  since  then.  It's  now 
predicting  overall  spending 
growth  of  3°o  year  over  year 
this  quarter  and  2.3°bm 
2009  -  and  it  isn't  ruling  out 
budget  cuts  as  deep  as  20°  o 
at  some  companies. 

"This  is  no  downturn;  this 
is  a  crisis."  analyst  Whit 
Andrews  said. 

PATRICK  THIBODEAU 
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fatacenters  eat  up  to  30  times  more  energy  per  square  foot  than  a 
rffice.The  answer.  IBM  green  datacenter  and  IT  services.  They 
3  you  implement  a  conservation  policy  and  measure,  manage  and 
n  real  results  against  it.  Many  IBM  customers  have  doubled  their 
city:  others  have  reduced  energy  costs  by  40%  or  more.  A  greener 
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■  NEWS  ANALYSIS 


NEEDED:  Better 

IT  Crystal  Balls 
On  Wall  Street 


annual  spending  by  financial  firms  on 
high-performance  systems  grew  from 
$169  million  in  2003  to  $305  million 
last  year. 

As  the  complexity  of  the  models  in¬ 
creased,  so  did  the  confidence  that  fed¬ 
eral  regulators  placed  in  them.  For  in¬ 
stance,  The  New  York  Times  reported 
this  month  that  at  a  little-noticed  meet¬ 
ing  in  April  2004,  the  U.S.  Securities 
and  Exchange  Commission  —  acting 
at  the  behest  of  large  investment  banks 
—  voted  to  loosen  its  debt-limit  rules 
and  rely  on  the  firms’  computer  models 
for  assessing  investment  risks. 

But  as  recent  events  have  made 

Continued  on  page  10 
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■  NEWS  ANALYSIS 


Continued  from  page  8 
clear,  such  confidence  in  the  technol¬ 
ogy  appears  to  have  been  misplaced. 

Dennis  Santiago,  CEO  and  managing 
director  of  Institutional  Risk  Analyt¬ 
ics,  a  consulting  firm  and  software 
developer  in  Torrance,  Calif.,  said  the 
Wall  Street  crisis  has  exposed  some 
fundamental  shortcomings  in  current 
risk-modeling  tools  and  data  analysis 
techniques.  “We  have  been  pretty 
much  using  the  same  .ools  for  a  decade 
now."  he  said.  “One  of  the  things  that  is 
clearly  beginning  to  show  itself  is  that 
the  techniques  that  worked  in  the  last 
business  cycle  for  managing  risk  don’t 
work  as  well  anymore.” 

For  example.  Santiago  cited  the  way 
that  companies  model  the  risks  associ¬ 
ated  with  so-called  structured  finance 
transactions,  such  as  loans  made  to  a 
business  based  on  its  cash-flow  history. 
Much  of  the  statistical  averaging  applied 
in  the  risk  models  is  done  in  “an  almost 
blind  fashion,  on  the  assumption  that  it 
has  worked  all  this  time,”  he  said.  But, 
he  added,  that  has  become  a  faulty  as¬ 
sumption,  causing  many  institutions  to 
lose  confidence  in  such  transactions. 

What’s  needed  now,  according  to 
Santiago,  are  increased  investments  in 
systems  and  analytical  approaches  that 
come  closer  to  modeling  the  actual 
risks  faced  by  financial  services  firms. 

RISK  MANAGEMENT  TENETS 

The  current  financial  crisis  highlights 
some  "core  tenets"  for  effective  risk 
management,  said  Dave  Hoag,  director 
of  clearing  technology  at  CME  Group 
Inc.,  which  operates  the  Chicago  Mer¬ 
cantile  Exchange,  the  Chicago  Board 
of  Trade  and  the  New  York  Mercantile 
Exchange. 

The  most  important  one,  Hoag  said, 
is  the  need  for  fair  and  transparent  vis¬ 
ibility  into  the  models,  data  and  analyt¬ 
ic  techniques  that  are  used  to  calculate 
the  risks  of  transactions.  For  instance, 
he  said  that  the  methodologies  and  un¬ 
derlying  numerical  values  that  CME’s 
tools  use  to  generate  portfolio  risk 
scenarios  are  openly  available  to  all  of 
the  participants  in  a  planned  financial 
transaction. 

“One  of  the  things  we  like  to  talk 
about  is  the  transparency  of  what  is 
going  on  in  terms  of  who  trades  what 
and  when,”  Hoag  said.  “Everybody 


understands  what  goes  into  the  risk 
analysis.”  He  added  that  he  expects  to 
see  a  heightened  focus  on  making  risk 
calculation  processes  more  transpar¬ 
ent  —  as  companies  either  elect  or  are 
driven  to  do  so  by  new  regulations. 

Not  everyone  is  convinced  that  big 
changes  are  needed  in  risk  manage¬ 
ment  systems  and  procedures.  Glyn 
Holton,  an  independent  financial  risk 
management  consultant  based  in  Bos¬ 
ton,  acknowledged  that  there  will  like¬ 
ly  be  a  greater  emphasis  on  risk  model¬ 
ing,  at  least  for  a  while.  “There  will  be 
some  more  focus  on  strengthening  risk 
management,  some  technology  will  be 
purchased,  and  probably  monitoring 
will  be  increased,"  he  said. 

But  Holton  thinks  the  problems  on 
Wall  Street  have  far  more  to  do  with 
an  absence  of  regulatory  oversight. 
“Financial  risk  management  makes  a 
wonderful  scapegoat,”  he  said.  “This 
is  a  cycle  we  go  through  whenever  we 
have  losses.  We  trot  out  the  back-office 
risk  management  guys." 


On  the  other  hand,  Suzanne  Duncan, 
financial  markets  industry  leader  at 
the  IBM  Institute  for  Business  Value, 
said  there  is  broad  recognition  that 
new  investments  in  risk  modeling  are 
needed. 

In  June,  the  IBM  think  tank  and 
research  operation  and  the  Securi¬ 
ties  Industry  and  Financial  Markets 
Association  jointly  surveyed  about 
500  IT  professionals  in  the  financial 
industry  about  their  technology  spend¬ 
ing  priorities.  According  to  IBM,  67% 
of  the  respondents  cited  increased 
risk-transparency  rules  as  the  primary 
regulatory  action  that  would  affect  IT. 
And  a  majority  said  that  the  crisis  was 
a  catalyst  for  increasing  the  amount  of 
money  their  companies  were  investing 
in  risk  management  projects. 

Duncan  said  that  could  eventually 
drive  even  more  demand  for  high- 
performance  computers  capable  of 
crunching  risk  models.  ■ 

Patrick  Thibodeau  contributed  to 
this  story. 


Is  Open  Source  the 
Answer  for  Risk  Models? 


BY  AOREEING  to  rely  on  Wall  Street's 


Many  Wall  Street  firms  are  already 


ment  risks,  the  SEC  essentially 
outsourced  that  part  of  its  regulatory 
duties  to  the  systems  of  financial 
services  firms,  says  Erik  Gerding, 
an  assistant  professor  of  law  at  the 
University  of  New  Mexico  who  does 
research  on  securities  law. 

Gerding’s  proposed  fix:  Make  the 
software  code  that  underlies  the  risk 
models  open  source  -  a  step  that  he 
claims  would  boost  the  transparency 
of  risk  calculations  and  potentially 
improve  their  accuracy. 

“Just  as  with  open-source  soft¬ 
ware.  other  users  would  be  able  to 
copy  and  modify  these  models  for 
their  own  use,"  Gerding  said.  And  by 
looking  at  the  code,  business  part¬ 
ners  as  welt  as  credit-rating  agen¬ 
cies  could  get  a  better  picture  of  how 
financial  services  firms  assess  the 
transaction  risks,  he  said. 


ware.  But  Lisa  Cash,  executive  vice 
president  of  sales  and  marketing 
at  DFA  Capital  Management  Inc.,  a 
vendor  of  risk  management  tools, 
said  she  thinks  H  would  be  difficult  to 
get  high-quality  risk  models  into  the 
market  on  an  open-source  basis. 

Cash  said  that  a  better  option  for 
increasing  transparency  as  well  as 
confidence  in  risk  models  would 
be  for  U.S.  regulators  to  emulate 
their  counterparts  in  Europe,  where 
watchdog  agencies  audit  financial 
firms' risk  models. 

Peter  Teuten,  president  of  Keane 
Business  Risk  Management  Solu¬ 
tions  UC,  also  questioned  the  wis¬ 
dom  of  using  open-source  approach¬ 
es  in  risk  modeling.  But  he  said  that 
he  does  expect  some  modeling  stan¬ 
dards  to  emerge  from  the  crisis. 

-PATRICK  THIBODEAU 
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The  inefficiency,  complexity  and  rising  energy  costs  of  twentieth-century 
datacenters  simply  can’t  support  the  demands  of  twenty-first-century 
business.  IBM’s  New  Enterprise  Data  Center  is  a  vision  for  IT  that’s  highly 
efficient,  business  driven  and  greener-by-design. .IBM  is  already  working 
with  over  2,000  clients  to  help  make  this  vision  a  teality.  A  greenef  world 
starts  with  greener  business.  Greener  business  st^ts  with  IBM.  ] 
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Full  Speed  Ahead 
For  IT  on  Storage 
Projects,  Despite 
Economy’s  Drag 

The  economic  downturn 
may  affect  IT  budgets.  But 
data  storage  is  expected  to 
be  largely  recession-proof. 

By  ToSlR.  Weiss 


"f  he  ECONOMY  last  week 

may  be  in  a  re-  with  the  i 

cession,  and  the  the  amou 

stock  market  is  ers  need  I 

experiencing  to  grow,  \ 


last  week,  is  simple:  Even 
with  the  economy  struggling, 
the  amount  of  data  that  us¬ 
ers  need  to  store  continues 
to  grow,  with  no  end  in  sight. 
(See  Cover  Story,  page  20.) 

For  example,  Gary  Peder- 


affected  funding  for  a  docu¬ 
ment  management  project. 
Her  company,  which  makes 
food-processing  equipment 
and  robotic  systems  for 
changing  truck  batteries, 
plans  to  install  the  technol¬ 
ogy  to  help  organize  a  vast 
collection  of  engineering 
plans  and  other  documents. 

“Everything’s  custom¬ 
ized,  so  we  have  unique 
diagrams  from  every  piece 
of  equipment  [we’ve  sold]," 
Pollei  said.  When  customers 
call  for  help  or  replacement 
parts,  workers  need  easy  ac¬ 
cess  to  documents  —  so  her 
company  wants  to  automate 
that  process. 

But  doing  so  will  require  a 
new  storage  system  that  will 
go  well  beyond  the  small, 
basic  SAN  that  the  company 
uses  now,  Pollei  said.  Her 
mission  at  Storage  Network¬ 
ing  World  —  which  was  run 
jointly  by  Computerworld 
and  the  Storage  Networking 
Industry  Association  —  was 
to  find  product  information 
and  possible  vendors  for  the 
storage  piece  of  the  project. 

The  economy  also  isn’t 


jerk  reaction,”  Roman  said. 
But  he  added  that  funding 
issues  might  arise  in  the  fu¬ 
ture  if  the  crisis  continues. 

James  McCartney,  a  sys¬ 
tems  programmer  at  the 
University  of  Arkansas 
in  Fayetteville,  said  the 
school’s  IT  budget  has  yet  to 
feel  any  pinches.  But  even 


ratcheting  up  last  month, 
McCartney  and  other  IT 
staffers  were  looking  for 
ways  to  save  money  on  stor¬ 
age  —  albeit  through  the  ad¬ 
dition  of  new  technologies. 

Storage  virtualization 
may  be  one  option.  The  IT 
department  is  also  exploring 
the  idea  of  setting  up  mul¬ 
tiple  storage  tiers  so  it  can 
move  lower-priority  data  to 
less-expensive  hardware, 
McCartney  said. 

For  other  users,  it's  full 
speed  ahead.  A  senior  vice 
president  of  IT  at  a  large 
bank  on  the  East  Coast 


IT  drives  your  business.  So  naturally,  it  consumes  your  thoughts.  Customers,  on  the  other  hand,  shouldn’t  need  to 
think  about  it  at  all.  They  just  expect  great  service.  Our  approach  to  Business  Service  Management  helps  ensure  they 
get  it,  by  managing  IT  services  based  on  their  impact  to  your  business.  That  way,  with  your  service  commitments 
fully  in  sync  with  your  busihess  demands,  you'll  be  able  to  give  your  customers  that  most  coveted  and  elusive  of  all 
service  experiences:  complete  satisfaction.  Of  course,  we’ll  know  the  source  of  that  satisfaction  is  really  your  very 
own  IT  department.  Learn  more  and  get  the  latest  white  papers  at  ca.com/bsm. 


CA  World  2008:  November  16-20 
Register  at  caworld.com 


I  Transforming 
«  IT  Management 


1 


Dossier 

Name:  W.Hord  Tipton 
Title:  Executive  director 


Organization:  (ISC)2 


Location:  Palm  Harbor,  Fla. 


Favorite  place  in  the  U.S.: 
“Alaska.  H's  wild,  it’s  very  thin¬ 
ly  populated,  and  H  has  great 
Ashing  and  great  hunting  and  all 
the  outdoor  things  I  Ilka  to  do. 
I’ve  been  all  the  way  from  Juno 
to  the  Arctic  Circle.” 


was  [CIO  in  the  U.S.  Depart¬ 
ment  of  the  Interior]  and  the 
White  House  determined  that 
our  IT  architecture  was  the  best 
in  government  and  a  best  prac¬ 
tice.  That  was  in  2005.  H  was  so 
significant  to  me  because  when 
I  went  into  the  job,  it  was  the 


When  he  retires:  “I  retired 
[from  the  Interior  Department  in 
2007].  I  fished,  I  golfed,  I  hunt¬ 
ed,  I  worked  20  hours  a  week 
consulting.  I  liked  that.  Ill  prob¬ 
ably  do  it  again -unless  another 


■  THE  GRILL 

W  HordTipton 

The  (ISC)2  executive  director  talks 
about  designing  security  software, 
compensating  for  human  error  and 
pulling  together  to  beat  the  bad  guys. 


The  International  Information  Systems 
Security  Certification  Consortium  Inc., 
or  (ISC)2,  is  a  nonprofit  organization 
that  educates  and  certifies  information 
security  professionals.  W.  Hord  Tipton 
has  been  promoting  (ISC)2's  new  certi¬ 
fication,  the  Certified  Secure  Software 
Lifecycle  Professional,  or  CSSLP. 

What's  your  primary  mission  as  the  new 
executive  director  of  (ISC)2?  I  want  to 
bring  together  the  [various  technology 
security  organizations],  so  when  we’re 
delivering  a  message  in  this  complex 
world,  we’re  speaking  as  more  of  a 
single  voice.  Too  often,  the  organiza¬ 
tions  think  we’re  competitors,  when 
in  80%  to  90%  of  what  we  do,  we’re 
not  competitors  at  all.  We  have  a  lot 

Continued  on  page  16 
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Printing  solutions 

as  easy  as  _  , 

y  Ctrl  P 


Introducing  printers  that  put  you  completely  in  control.  Control  of  your  workflow 
with  web-based  remote  management  and  printer  status  monitoring  systems. 
Oonffbi  of  your  costs  with  a  toner  save  function  and  low  total  cost  of  ownership. 
Centro!  operations  with  an  intuitive  interface,  simple  jam  recovery,  and  easy-to-use 
animation  based  troubleshooting  guide.  Samsung  printing  solutions  put  control 
..here  it  belongs. ..at  your  fingertips.  For  more  information,  call  1-866-SAM-4BIZ 
or  visit  www.samsung.com/businessprinter 


I  Operations 


rity  vulnerability  < 


ft! 

break  can  be  broken  in  a 
few  minutes  if  you  have . . . 
quantum  computing. 


Continued  from  page  14 
of  similarities,  even  with  the  different 
credentials  and  acronyms.  Microsoft 
has  their  gold  standard.  HP,  Cisco  —  all 
have  their  [certifications].  SANS  has 
theirs.  And  I've  been  talking  with  the 
directors  of  these  to  come  up  with  some 
better  ways  to  work  together  so  we're  all 
on  the  same  side  to  promote  IT  security. 


breaches.  Why  iran't  we  further  ahead? 

It’s  all  about  software.  Why  has  it  taken 
so  long  to  recognize  that  something  dif¬ 
ferent  has  to  be  done  to  eliminate  what 
in  many  cases  are  easy  paths  into  these 
[systems]?  My  theory  is  if  we  move  a 
little  faster,  obtain  some  synergy  work¬ 
ing  together,  then  maybe  we  can  have 
time  to  think  ahead  and  put  prevention 
methods  in  place.  We  have  tools  to  do 
this,  but  we  either  don’t  think  ahead  or 
people  cant  afford  them  or  they  haven’t 
been  deployed;  they  just  get  overlooked. 

That’s  our  thinking  with  the  new 
credential  we’re  launching.  Everyone 
at  this  point  recognizes  that  much  of 
the  issue  is  around  human  errors  — 
lost  passwords,  phishing.  These  are  just 


Encryption  codes 
that  now  would 
take  100  years  to 


the  result  of  people  not  being  aware, 
properly  trained  or  educated  in  things  to 
look  out  for.  So  we  need  to  adjust  the  bal- 


Who  are  the  leading  threats  to  enterprise 
security,  and  what  exactly  are  they  after? 

At  this  point,  it’s  more  than  just  brag¬ 
ging  to  your  buddies  about  messing 
up  someone’s  Web  site.  It’s  a  complete 
criminal  enterprise.  They  have  re¬ 
sources  and  can  hire  very  sharp  people 
to  do  their  evil  work.  It’s  hard  to  keep 
up  with  them.  That’s  why  a  lot  of  the 
shift  is  to  protect  the  financial  inter¬ 
ests.  That’s  where  it  seems  the  threats 
and  the  attacks  have  shifted  to. 

How  are  they  netting  into  computer  sys¬ 
tems?  Fifty  percent  of  the  attacks  are 
Web-based  at  this  point.  And  PDAs 
and  mobile  computing  devices  are  real 
targets  too.  Those  are  about  13%. 

How  do  the  throats  to  enterprise  security 
■fiffer  from  those  posed  to  the  individual 
computer  user?  They’re  actually  con¬ 
nected.  They  go  after  individual  comput¬ 
ers.  You’re  familiar  with  the  botnet  piece 
of  it,  where  individual  computers  become 
a  network  of  a  100,000  or  so  where  you 
have  massive  computing  power.  The 
botnets  are  used  primarily  for  mass 
distribution  of  spam  and  malware,  and 
sometimes  DDOS  [distributed  denial-of- 
service]  attacks.  A  credit  card  number 
could  be  picked  up  along  the  way,  since 
the  computer  is  captured  and  many  of  us 
have  financial  programs  on  our  PCs.  But 
most  of  the  credit  card  and  Social  Secu¬ 
rity  numbers  come  from  large  breaches 
from  institutional  sources.  That  is  when 
bundling  of  card  packages  occurs  and 
profiting  begins.  These  are  generally 
the  work  of  organized  professionals. 

The  concern  has  been  that  security  is  an 
afterthought.  How  do  you  get  H  leaders  to 
stop  tacking  on  security  at  the  end  of  the 


questions  as  the  software  evolves.  Once 
the  software  gets  turned  over  to  the 
programmers,  they’re  operating  on  dif¬ 
ferent  incentives  and  motivations.  They 
have  locked-down  budgets,  the  rush  to 
market  begins,  and  if  someone  comes 
in  and  asks,  “Have  you  designed  in 
there  the  need  for  input  validation?”  for 
example,  it’s  too  late.  It  will  cost  extra 
money  and  will  slow  things  down. 

And  [the  software]  has  to  be  deployed 
correctly.  There  needs  to  be  a  change 
configuration  management  process  in 
place  that  at  least  has  someone  aware 
of  how  the  software  evolved  and  [that] 
if  you  change  something  in  one  place 
in  the  application,  that  might  introduce 
a  vulnerability  in  another  place. 

This  is  what  we  need  to  make  sure 
the  CIOs  [and]  the  CFOs  understand. 
Once  it’s  made  clear  to  them  what  risk 
they  entertain  by  doing  certain  short¬ 
cuts,  it  makes  it  easier  for  them  to  un¬ 
derstand  why  they  need  to  spend  the 
extra  time  and  resources  to  produce  a 
quality,  secure  product. 

How  do  you  think  the  enterprise  security 
landscape  will  look  in  five  years?  We 

should  be  thinking  about  what’s  going 
to  be  happening  in  encrypting.  Well 
probably  have  quantum  computing  in 
not  too  many  years,  and  encryption 
codes  that  now  would  take  100  years  to 
break  can  be  broken  in  a  few  minutes 
if  you  have  the  capability  of  quantum 
computing.  So  there  has  to  be  some 
thinking  on  how  we  deal  with  things 
in  light  of  new  computing. 

So  in  five  years,  security  will  still  be  a  big 
Issue  in  IT?  Absolutely.  That’s  why  I 
think  there’s  such  a  growing  need  for 
security  professionals.  It’s  what  I  see 
as  the  No.  1  recruitable  position. 

—  Interview  by  Mary  K.  Pratt 


SunGard  Availability  Services  help  your  business  move  forward  with 
the  most  advanced  and  widest  choice  of  information  availability  options 
in  the  industry 

From  virtualization  to  hot  sites  to  replication  and  vaulting— SunGard  Availability  Services 
does  it  all.  And  it's  all  we  do.  That  kind  of  focus  helps  ensure  high  availability  of  data, 
applications  and  systems  and  fits  your  needs  and  budget  precisely. 

When  we  partner  with  you.  you  worry  less  about  the  road  ahead.  Here's  why: 
a  track  record  of  100%  successful  recoveries;  over  60  facilities  with  redundant 
power  connected  to  SunGard’s  secure  global  network;  and  more  than  20,000  end- 
user  positions  in  facilities  across  North  America  and  Europe.  SunGard  Availability 
Services— the  information  availability  solution  for  businesses  that  must  run  non-stop. 
Keep  moving,  call  1-800-468-7483  or  visit  www.availability.sungard.com. 

SUNGARD'  San 

Availability  Services  Connected? 


I  Bruce  A.  Stewart 

‘We’re  All 
Doomed!’ 


IT’S  BEEN  A  TUMULTUOUS  YEAR,  and  IT  profes¬ 
sionals  have  not  been  excluded  from  the  heart-stopping 
excitement.  What  has  surprised  me  immensely  in  the 
past  month,  however,  is  a  sudden  shift  to  pessimism. 
People’s  concerns  about  the  companies  they  work  for  are 

melding  with  worries  i  about  a  rising  tide  lifting  the  20  or  more  projects 

about  4010c)  perfor-  all  boats  seems  to  have  an  that  your  area  has  been 

mance  and  mortgages,  |  asymmetrical  corollary:  working  on  and  focus 

An  ebbing  tide  drops  just  a  few,  the  one: 
each  boat  individually.  If  will  result  in  cost : 
you  work  for  a  company  ings  or  potential  revenue, 

whose  markets  and  oper-  That’s  a  good  way  to  hold 
ating  cash  requirements  onto  funding, 

are  sound,  your  job  is  And  when  you  take 

probably  safe.  One  less  ideas  to  senior  manage- 

wotry.  ment,  present  multiple 

Second,  if  you’re  an  IT  approaches  for  getting 
manager,  pay  attention  them  done.  That  will 

to  what’s  happening  with  give  them  choices  —  and 
your  employees.  They’re  make  it  more  likely  that 
probably  stressed  out  one  of  those  ideas  will  be 

about  the  same  things  you 
are:  credit  card  balances, 
investment  performance, 
mortgage  payments  and 
real  estate  values. 

One  way  to  handle 
stress  is  to  begin  sorting 
out  your  work  ahead  of 
cutbacks.  Pull  back  from 


all  amplified  by  the : 
that  the  world  is  falling 
apart.  “We’re  all  freaking 
doomed!"  has  become  the 
cry  of  the  day. 

How  much  of  this  wor¬ 
ry  is  justified? 

First  things  first.  A  lot 
of  companies  are  in  trou¬ 
ble.  They’ve  been  having 
funding  difficulties,  and 
a  second  wave  of  budget 
cuts  is  starting  to  build. 
More  major  names  than 
you  might  suspect  have 
been  on  the  brink  of  not 
making  payroll  as  com¬ 
mercial  credit  has  dried 
up.  Contractors  are  being 
laid  off  as  projects  are 
shelved,  and  permanent 
staffers  are  worried  that 
they’ll  be  next.  For  some, 
that’s  true  —  and  find¬ 
ing  a  new  job  won’t  be 
as  easy  as  it  might  have 
been  a  year  ago. 

But  a  fair  number 
of  companies  aren’t  in 
trouble.  That  old  saying 


Is  it  a  high- 
stress  time? 
Absolutely.  But 
you  can  reduce 
the  stress  for 
all  around  you. 


TUrbulent  times  are 
ideal  for  cleanup  activ¬ 
ity.  With  pressure  to  cut 
costs,  you  can  justify  scal¬ 
ing  back  services  to  levels 
that  are  sustainable  but 
less  expensive.  Remember, 
projecting  the  conse¬ 
quences  of  various  courses 
of  action  is  key  to  attract¬ 
ing  money  and  work.  • 
Third,  it’s  a  good  time 
to  think  about  the  value 
that  your  suppliers  bring 
the  table.  Vendors  are 
going  to  be  hungry  for 


new  business,  so  you  can 
expect  to  see  one  deal  of 
the  century  after  another 
as  they  get  more  desper¬ 
ate.  Just  make  sure  that 
anything  you  buy  will  de¬ 
liver  results  for  the  com¬ 
pany.  Don't  buy  anything 
just  because  of  a  price 
reduction. 

It’s  important  to  show 
discipline  right  now 
about  what  can  be  de¬ 
ferred  vs.  what  must  be 
undertaken.  Take  a  stand 
against  Microsoft  forcing 

companywide  upgrade 
o  Vista.  Be  tough  with 
any  outsourcers  that  want 
price  adjustments.  Say  no 
to  a  vendor  with  prices 
that  sound  too  good  to  be 
true.  Demonstrating  an 
ability  to  do  these  things 
will  help  you  when  you 
have  to  make  your  case 
for  the  things  you  do 
need  for  the  business. 

Is  it  a  high-stress  time? 
Absolutely.  But  you  can 
reduce  the  stress  for  all 
around  you,  including 
your  corporate  leaders, 
if  you  can  show  that  you 
get  their  world.  And  you 
may  just  get  what  you 
need  in  the  process.  ■ 
Bruce  A.  Stewart  is  CEO 
of  Vancouver,  British 
Columbia-based  Accendor 
Research  Inc.,  an  advisory 
services  firm  focused  on 
management  issues  in 
the  technology-enabled 
enterprise.  He  can  be 
reached  at  bruce.stewartta) 
accendor.com. 


OCTOBER  : 


WITH  HALF  THE  WORK. 


IHITIBOPXftBiUTrl  RUN  WITH  IT. 

Bringing  Windows  Server®  2008  and  SUSEa  Linux  Enterprise  Server  together  into  one  reliable  and  secure 
virtualized  environment  —  with  clearly  defined  intellectual  property  rights  —  was  just  the  start.  Now  we're 
developing  solutions  that  will  let  you  manage  both  operating  systems  using  only  one  set  of  tools,  and  you 
choose  the  tools  you  prefer.  Just  what  you  need  to  combine  your  Windows  and  Linux  data  centers  into 
one  and  cut  complexity  in  half. 

Need  the  best  Linux?  Get  your  SUSE  Linux  Enterprise 
migration  kit  now  at  moreinterop.com 


Novell.  Mkxosoft 


PURGING  DATA  SAVES  MONEY  AND 
CUTS  LEGAL  RISK,  SO  WHY  DO  SO  FEW 
COMPANIES  DO  IT?  BY  MARY  BRANDEL 


funny  thing  hap¬ 
pened  on  East  Carolir 
University’s  journey 
to  creating  a  data- 


tance  of  being  able  to  quickly  pro¬ 
duce  required  information  during 
litigation,  “but  the  thing  we  never 
thought  about  was  keeping  data  too 


unusual;  many  organizations  hang 
on  to  more  data  than  they  need  for 
much  longer  than  they  should,  ac¬ 
cording  to  John  Merryman,  services 


incur  for  electronic  data  ; 
discovery  ranges  from  1 
$1  million  to  $3  million  ! 
per  terabyte  of  data,  ac-  ! 
cording  to  GlassHouse.  j 
And  although  you  need  ■ 
to  pay  attention  to  re-  ! 
taining  data,  “all  indica-  ! 
tions  are  that  you  need  ! 
to  be  keeping  less,”  says  j 
Merryman. 

A  recent  report  from  1 
Gartner  Inc.  concurs.  It  i 
states  that  the  current  ex-  \ 
plosion  of  data  is  outpac¬ 
ing  the  decline  in  storage  pri 
before  the  resource  costs  for 
ing  data  are  taken  into  accoti 


WE  NEVER 
THOUGHT 
ABOUT  WAS 
KEEPING 
DATA  TOO 
LONG. 


eration.  According  to 
research  from  Enter¬ 
prise  Strategy  Group 
Inc.  in  Milford,  Mass., 
the  average  required 
retention  period  for 
files,  e-mails  and  data¬ 
bases  is  on  the  rise. 
Most  companies  retain 
such  data  for  four  to 
10  years,  says  Brian 
Babineau,  an  analyst 


J  East  Carolina  Uni- 
...  versity  started  with 
the  low-hanging  fruit,  setting  retention 
and  purging  policies  for  e-mail,  medi¬ 
cal  records  and  security  video  footage. 


Estimating  that  the  average  employ-  It  archived  that  data  on  a  new  system 
ee  generates  10GB  of  data  per  year,  at  that  uses  Symantec  Corp.’s  Enterprise 

a  cost  of  $5  per  gigabyte  to  back  it  up.  Vault  storage  management  software 
Gartner  says  a  S, 000-worker  company  and  EMC  Corp.’s  Centera  content- 


LITIGATION 

& 


Fulbrujht  &  Jaworski  LLP  sur¬ 
veyed  253  US.  and  50  UK 
corporate  counsels  for  its 
"2007  Litirjation  Trends  Survey 
Findings"  report  and  found 
the  following: 


mes  maintain  multiple  copies 
(such  as  test  data,  operational 
disaster  recovery  copies,  not  t 


cords,  if  kept  indefinitely,  can  become 

a  gold  mine  for  attorneys  looking  for 

tion.  But  since  backups  collect 

evidence,  he  adds. 

daily  snapshots,  there  was  alwa 
potential  for  data  to  be  missing 

POLICY  POINTS 

to  the  server  after  the  snapshot 

One  way  to  address  this  problem  is  to 

taken.  And  even  if  the  data  coul 
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Because  your  road  warriors  can’t  afford  a  crash, 

Samsung  SSD  is  now. 


The  future  of  PC  storage  is  now.  Samsung  SSD 

is  helping  companies  slash  their  maintenance 
costs  by  eliminating  hard  drive  crashes  and 
reducing  downtime.  To  see  how  Samsung  SSD 

is  transforming  IT  right  now.  visit  samsungSsd.com. 


SAMSUNG 
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Continued  from  page  22 
20  years  alter  the  patient  is  deceased, 
but  East  Carolina  University  now  uses 
EMC's  Rainfinity  to  take  that  data  off 
primary  storage  and  archive  it  to  the 
Centers  device  so  it's  out  of  the  backup 
environment 

Beyond  those  policies,  the  job  of 
determining  rules  is  getting  more  dif¬ 
ficult,  Zimmer  acknowledges.  “There’s 
a  lot  of  other  stuff  that  we  don’t  know 
the  retention  [requirements]  for,  so 
that  will  be  more  tricky,"  he  says. 

Gartner  offers  a  hint  It  says  the  key 
to  reducing  data  volumes  is  a  process 
called  “content  valuation,"  which  ex- 


|  amines  factors  such  as  usage  patterns, 
nature  of  content  and  business  purpose. 

The  simplest  way  to  reduce  data 
volumes  is  to  delete  the  data  you  don’t 
need.  But  that  is  much  more  easily  said 
than  done.  In  fact,  outside  of  e-mail, 
most  data  is  never  dumped,  Merryman 
says.  “Most  legacy  applications  have 
never  purged  data,  and  new  applica¬ 
tions  are  rarely  designed  to  accom¬ 
modate  purging,”  he  says.  Moreover, 
he  adds,  deleting  production  data  is 
complicated. 

Also,  the  issues  associated  with  legal, 
compliance  and  operational  risks  are 
often  ambiguous,  and  few  organiza¬ 


tions  have  a  process  to  accommodate  a 
web  of  requirements  for  data  retention. 

“If  you  look  at  legacy  data  outside 
the  application  world,  a  lot  of  people 
have  no  idea  what  it  is,  but  they’re 
scared  of  getting  rid  of  it,"  Merryman 
says. 

At  one  large  bank  in  New  York,  he 
ran  across  hundreds  of  file  extensions 
that  no  one  knew  about,  as  well  as  data 
that  had  been  kept  even  though  it  was 
inaccessible  by  currently  maintained 
applications  or  interfaces. 

Another  difficulty  with  purging  is 
the  lack  of  a  guarantee  that  you’ve 
deleted  all  instances  of  a  data  set.  You 


ing  to  even  begin.  But  don’t  let  that 
stop  you,  Merryman  says.  Start  setting 
purging  policies  now  rather  than  try¬ 
ing  to  apply  them  to  old  data.  “If  you 
address  high-risk,  high-volume  appli¬ 
cations  and  databases,  you’ll  address 
90%  of  the  risk,”  he  says.  “If  you  target 
all  700  applications  in  your  environ¬ 
ment,  you’ll  never  get  it  done.” 

And  remember  that  business  logic  is 
with  you.  In  a  tiered  storage  environ¬ 
ment,  Merryman  says,  the  business 
case  is  much  stronger  when  you  purge 
data  rather  than  simply  archive  it  on 
lower-cost  disk.  “The  cost  of  per¬ 
petually  managing  and  refreshing  huge 
amounts  of  data  that’s  never  been  culled 
or  purged  is  extremely  high,”  he  says. 

Unfortunately,  he  adds,  most  com¬ 
panies  that  develop  tiering  strategies 
figure  they’ll  purge  sometime  in  the 
future.  “But  that’s  the  problem  with 
purge,”  he  says.  “It’s  always  ’later,’  like 
cleaning  out  the  basement.” 

Still,  he  says,  “if  you  invest  in  tech¬ 
nology  that  helps  you  retain  data,  why 
not  invest  in  technology  that  helps 
expire  data  when  you  don’t  need  it 
anymore?”  ■ 

Brand*)  is  a  Computerworld  contribut¬ 
ing  writer  in  Newton,  Mass.  Contact  her 
at  marybrandel@verizon.net. 
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■  SECURITY  MANAOER’S  JOURNAL  I  MATHIAS  THURMAN 

Looking  for  the 
Silver  Lining 

The  business  is  looking  at  cloud 
computing.  But  our  manager  finds 
some  glaringly  obvious  problems. 


I'VE  HAD  my  head  in 
the  clouds  ever  since 
I  attended  a  meeting 
last  week.  The  IT 
department  is  inter¬ 
ested  in  exploring  cloud 
computing,  so  I’ve  been 
busy  trying  to  identify  any 
security  risks  inherent  in 
this  emerging  technology. 

I've  done  some  basic 
reading  on  cloud  comput¬ 
ing.  and  to  be  honest,  I've 
had  a  hard  time  under¬ 
standing  exactly  what 
vendors  are  selling.  Before 
I  delved  deeper,  it  was 
hard  to  tell  the  difference 
between  cloud  computing 
and  earlier  business  mod¬ 
els,  some  of  which  I  have 
personal  experience  with. 

Back  in  2000, 1  worked 
for  a  start-up  that  hosted 
other  companies'  serv¬ 
ers.  This  was  a  managed 
service  provider.  After  it 
as  acquired,  I  worked  for 
a  company  that  hosted  a 
time  card  application.  It 
called  itself  an  application 
service  provider.  So,  peer¬ 
ing  into  this  nebulous  enti¬ 
ty  called  cloud  computing, 

I  saw  some  obvious  simi¬ 
larities  with  the  MSP  and 
ASP  models.  A  closer  look 
brought  out  the  differences 
—  some  of  them  obvious 


The  major  differentia¬ 
tors  are  the  location  of  data 
and  the  technology  used. 

In  the  MSP/ASP  models, 
we  always  knew  where  a 
customer’s  data  resided: 
in  one  of  a  handful  of 
data  centers.  We  even  let 
customers  choose  which 
regional  data  center  their 
data  would  be  served  from. 

In  the  MSP  model,  indi¬ 
vidual  servers  were  pro¬ 
visioned  in  a  data  center, 
with  minimal  interaction 
from  the  vendor.  We  sim¬ 
ply  hosted  the  physical 
server  infrastructure,  pro¬ 
viding  power,  networking 
and  rack  space.  With  cloud 
computing,  vendors  have 
several  data  centers  and 
use  virtualization  to  provi¬ 
sion  servers. 


There  are  more  security 
concerns  with  this  model 
than  I  can  cover  in  this 
space.  You’ll  have  to  con- 


■  To  be  honest, 
I’ve  had  a  hard 
nme  unaerstanain 
what  doud  ven¬ 
dors  are  selling. 


duct  your  own  research  to 
come  up  with  a  compre¬ 
hensive  list.  But  here  are 
my  main  concerns. 

First,  my  company  has 
to  comply  with  a  lot  of 
regulations.  By  hosting  our 
applications  ourselves,  we 
can  clearly  define  our  con¬ 
trol  objectives  and  main¬ 
tain  the  integrity  of  our 
financial  data  as  required 
by  law.  If  we  were  to  put 
our  financial  applications 
into  the  cloud,  we  would 
certainly  have  to  re-evalu- 
ate  our  control  objectives 
to  ensure  that  compliance 
wouldn’t  be  compromised. 

The  second  concern  is 
the  commingling  of  data. 
Cloud  vendors  typically 
store  data  from  multiple 
customers  on  the  same 
hardware.  We  need  our 
data  to  be  properly  seg¬ 
mented  from  that  of  our 
competitors.  And  when 
the  vendors  back  up  data, 
do  they  commingle  data 
on  shared  media?  If  we 
terminated  our  contract, 
would  they  pull  only  our 
data  from  the  tapes?  Might 
some  of  our  data  end  up  in 
the  hands  of  a  competitor 
that  way? 

The  third  concern  is  vir¬ 
tualization.  For  example, 


Trouble 

Ticket 

ISSUE:  IT  wants  to  •*- 


VMware  offers  a  feature 
called  the  Distributed 
Resource  Scheduler  that 
continuously  monitors 
utilization  across  the  guest 
operating  systems  liv¬ 
ing  on  a  virtual  machine 
and  intelligently  allocates 
available  resources  among 
other  virtual  machines. 
When  virtual-machine 
resources  are  constrained, 
additional  capacity  is 
made  available  by  migrat¬ 
ing  live  virtual  machines 
to  a  different  physical 
server.  Sounds  cool,  right? 
Well,  it  is.  But  what  if  the 
server  that  your  source 
code  repository  lives  on 
is  dynamically  moved  to 
a  server  in,  say,  Russia  or 
China?  Can  you  vouch  for 
the  integrity  of  infrastruc¬ 
ture  that  physically  resides 
in  a  risky  location? 

I  will  continue  to  ex¬ 
plore  these  and  other 
potential  security  risks  so 
I  can  provide  the  best  pos¬ 
sible  guidance  should  the 
company  decide  to  pursue 


will  truly  protect 

interests  and  those  of 
our  customers.  ■ 

This  week’s  journal  is  writ¬ 
ten  by  a  real  security  man¬ 
ager,  “MaWu  Thurman,' " 
whose  name  and  employer 
have  been  disguised  for 
obvious  reasons.  Contact 
him  at  mathias_thurman@ 
yahoo.com,  or  join  the 
discussions  in  our  security 
blogs:  computerworld. 
com/blogs/security. 
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Upgrade  to  VoIP  with  software  that  won't  upend  your  PBX. 


Microsoft 


I 


■  MANAGEMENT 


larger  businesses  like  Microsoft  Corp., 
Google  was  able  to  build  grass-roots 
support  around  its  search  engine  and 
online  advertising  business  model 
to  grow  quickly  and  nimbly  into  the 
multibillion-dollar  company  it  is  today. 

That  kind  of  fast  growth  and  mega¬ 
success  has  a  downside,  however.  The 
Continued  on  page  30 

At  the  10-year  mark,  theC^  J 
company  struggles  to  balance  youthful 
anarchy  with  practical  process. 

BY  ELIZABETH  MONTALBANO 

li»l 


Congratulations 
Award  Recipients! 

Storage  Networking  World  proudly  announced 
the  results  of  the  "Best  Practices  in  Storage" 
Awards  Program.  This  program  honors  IT  users 
"Best  Practice"  case  studies  selected  from 
a  field  of  qualified  finalists. 


Innovation  and  Promise 


Thank  you  to  our  "Best  Practices 
in  Storage"  Judges  for  SNW 
Fall  2008: 


Planning,  Designing  and  Building  a  Strategic  Storage  Infrastructure 


ROI  and  Best  Practices  in  Green  Computing  and  the  Data  Center 


Selecting  and  Deploying  Storage  Networks 


Storage  Reliability  and  Data  Recovery 


■  MANAGEMENT 


MANNING.  ENGINEERING  ;  puli  A  little  more  than  a 
.D'RECTOR:6006L.E,NC. . .  •  "ear  ago.  Google  began 


Continued  from  page  28  ------- . -  --•  and  wili  inevitably  affect 

excitement  of  Google’s  MM  AS  COfTI-  1  Google,"  says  Charles 

game-changing  tech-  :  (WIMS  :  O'Reilly,  the  Frank  E. 

nology  and  the  almost  grOW  larger  it’s  :  Buck  professor  of  man- 

collegiate  culture  that  more  difficult  :  agement  at  Stanford  Uni- 

the  founders  fostered  at  1  versity’s  Graduate  School 

corporate  headquarters  ■  i  of  Business, 

in  Mountain  View,  Calif.,  10  be  Creative.  The  company  is  clearly 
made  the  company  for  CRAI8  NEVILLE-  ;  feeling  that  downward 

many  years  the  hot  place  ;  HAMMING.  ENGINEERING  ;  pull  A  little  more  than  a 

to  work.  But  in  the  past  I  DIRECTOR.  G006LE  INC.  ;  year  ago,  Google  began 

year,  the  image  of  Google’s .  to  experience  the  brain 

Silicon  Valley  nirvana  has  begun  to  drain  that  comes  when  a  start-up  be- 

show  some  cracks.  Key  members  of  comes  an  institution  and  many  of  its 
its  brain  trust  have  left  for  other  com-  early  stars  cash  out. 

panies,  and  stories  of  employee  dis-  Key  Googlers  such  as  former  CIO 

satisfaction  with  the  corporate  culture  Doug  Merrill  and  Sheryl  Sandberg, 
are  beginning  to  travel  throughout  the  former  vice  president  of  global  online 

industry.  sales  and  operations,  have  left  the  com- 

unoc  Hire  pany  in  tbe  Past  year  ~ tbe  latter  for 

MORE  LIKE  MICROSOFT  Facebook  Inc.,  to  which  some  other  key 

As  Google  ages,  one  of  its  main  chal-  Google  employees  have  also  defected, 

lenges  is  to  continue  to  foster  technol-  Then  there  was  the  child-care  fiasco 

ogy  innovation  and  draw  the  caliber  that  made  Google’s  executives  ques- 
of  talent  that  start-ups  can  attract.  tion  the  sense  of  entitlement  the  com- 

This  will  be  increasingly  difficult  as  pany  had  created  among  employees, 
the  company,  in  both  size  and  culture,  and  how  long  Google  could  sustain  it. 
begins  to  look  more  like  a  Microsoft  Things  got  hot  at  a  TGIF  meeting  _  a 
or  an  IBM  —  behemoths  over  which  weekly  forum  where  Google’s  leaders 
Google  once  had  an  edge  because  it  present  company  news  and  answer 

was  different.  employees’  questions  —  when  workers 

“Gravity  affects  all  organizations  expressed  concern  that  the  cost  of 


Attend  our  IT  Management  Summit  on  Email  Threat  Protection 
in  one  of  the  following  cities: 


Washington,  DC 


Tuesday,  October  28, 2008 
8:45am  to  Noon 
Renaissance  Mayflower  Hotel 

Complimentary  registration  available  at:  www.itmanagementsummit.com/registration/dcvip 

Denver,  Colorado  « 

Thursday,  November  20, 2008 

8:45am  to  Noon 

Denver  Marriott  City  Center 

Complimentary  registration  available  at:  www.itmanagementsummit.com/registration/denver 


For  additional  information  visit  www.itmanagementsummit.com 
or  contact  Christina  DeAvila  at  508-820-8208. 
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■  MANAGEMENT 


The  epoxy 
for  the  modern 
IT  executive. 


Continued  from  page  30 

Mascaraque  says  he  was  part  of  a 
team  that  worked  on  developing  the 
processes  and  policies  that  would  help 
Google  run  its  business  as  a  corpora¬ 
tion  rather  than  as  a  small  company. 
While  a  business  must  set  such  poli¬ 
cies  in  order  to  grow  successfully,  “the 
downside  is  you  take  away  a  lot  of  the 
creativity  and  the  flexibility  that  a 
smaller  company  has,”  he  says. 

“There’s  nothing  wrong  or  right 
about  it;  that’s  the  nature  of  the  beast,” 
Mascaraque  adds. 

Rob  Kniaz,  who  was  a  product  man¬ 
ager  on  Google’s  AdSense  advertising 
platform  team,  cited  a  similar  reason 
for  leaving  Google  in  July,  after  having 
been  at  the  company  for  four  years.  He 
says  he  missed  the  camaraderie  of  the 
early  days,  when  “you’d  walk  into  the 
cafeteria  and  know  more  than  85%  of 
the  people.” 

As  the  company  grew  and  the  people 
he  had  worked  with  in  the  beginning 
became  more  geographically  dis¬ 
persed,  it  became  “harder  to  keep  that 


Google  tries  to  do  this  by  allowing 
teams  working  on  certain  projects  the 
same  creative  and  development  free¬ 
dom  they  might  have  if  they  were  still 
working  for  a  start-up,  he  says. 

Neville-Manning  cites  Google’s  re¬ 
cently  released  Chrome  Web  browser 
beta  and  the  Android  mobile  platform 


it  grows,  Neville-Manning  says.  This 
inevitably  will  require  a  lot  of  trial  and 
error,  he  acknowledges. 

“Since  we  are  growing  so  quickly,” 
says  Neville-Manning,  “we’ve  had  to  sit 
back  every  six  months  and  redesign  proc¬ 
esses  as  they’ve  become  too  unwieldy.” 

For  example,  when  he  was  given  the 


So  Google  continues  to  struggle 
through  its  adolescent  transforma¬ 
tion.  “The  question,”  says  Stanford's 
O’Reilly,  “is  whether  they  will  deal 
with  this  in  a  productive  way  or  do 
something  foolish.”  ■ 

MonUibano  writes  for  the  IDG  News 
Service. 


You  need  to  create  a  bond  between  business  and  IT. 

It’s  a  sticky  situation.  You’ve  already  invested  in  technology  to  automate  your  business.  But  users  claim  they  can’t 
get  the  complete,  timely  information  needed  to  make  decisions.  What’s  worse,  you  need  to  demonstrate  ROI  now. 

Which  is  why  you  need  IBM  Cognos  8  Business  Intelligence,  part  of  IBM’s  Information  on  Demand  solutions 
for  business  optimization.  Our  open,  Web-based  SOA  platform  seamlessly  integrates  into  your  existing  infrastructure. 
It  enables  your  users  to  get  the  right  financial  and  operational  information,  how  and  when  they  need  it,  so  they 
can  drive  business  strategy  more  effectively.  Plus,  only  Cognos  has  the  depth  of  expertise  and  best  practices  with 
industry-specific  blueprints  to  accelerate  your  success.  Which  means  that  if  business  and  technology  are  divided, 
you’ve  got  what  it  takes  to  bring  them  together. 
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■  QUICKSTUDY 


Here’s  what  it’s  all  about 
—  minus  the  marketing 
jargon.  By  Russell  Kay 


IN  ANY  newspaper  ad 
for  television  sets, 
you’ll  see  the  term 
high-definition  used 
with  abandon,  accom¬ 
panied  by  numbers,  letters 
and  language  designed  to 
convince  you  that  a  par¬ 
ticular  item  is  the  one  you 
want.  Let's  ijecipher  the  HD 
marketingspeak  one  factor 

■  Standard  definition  (SO)  vs. 

HD:  HD  always  looks  better, 
but  some  HDTV  are  better 


■  Analog  vs.  digital:  Televi¬ 
sion  broadcasting  uses  ana¬ 
log  signals  whose  frequen¬ 
cies  vary  smoothly.  Analog 
will  disappear  in  February 
2009  and  be  replaced  by 
more  efficient  digital  televi¬ 
sion  (DTV),  which  can  fit 
more  channels  and  signals 
into  a  smaller  segment  of 
broadcast  spectrum.  To 
view  DTV  on  an  older  set, 
you’ll  need  a  special  device 
or  nonbroadcast  service 
—  cable  or  satellite  —  that 


than  analog,  but  it  is  not 
necessarily  HD.  However, 
HD  is  always  digital. 

■  Widescreen  vs.  standard: 

Older  TV  sets  mimicked 
then-current  movie  screens, 
with  a  picture  1.33  times 
as  wide  as  it  was  high.  But 
most  movies  now  use  a  wid¬ 
er  format,  often  2.35  times 
as  wide  as  they  are  high.  To 
present  such  movies  on  TV 
requires  cropping  or  editing 
the  picture  or  showing  it 
with  black  bands  on  the  top 
and  bottom.  This  “letterbox¬ 
ing”  preserves  the  intended 
format  of  the  original  movie 
but  can  make  it  look  tiny  on 
smaller  TV  sets.  With  HD 
and  DTV,  the  industry  has  a 
new  standard  screen  almost 


as  good  as  HD.  Until  early 
2008,  two  incompatible  for¬ 
mats  competed  for  true  HD 
on  DVDs,  but  Sony’s  Blu-ray 
won  the  war  while  Toshiba’s 
HD  DVD  lost.  Blu-ray  play¬ 
ers  are  more  expensive  than 
standard  DVD  players,  and 
standard  DVD  players  can’t 
play  Blu-ray  discs. 

WHAT  ABOUT 
THOSE  NUMBERS 
AND  LETTERS? 

An  HDTV  spec  sheet  may 
boast  720i  or  l,080p,  but 
what  do  those  numbers  and 
letters  mean? 

■  The  numbers:  They  refer  to 
the  theoretically  best  pos¬ 
sible  picture  quality  —  the 
total  number  of  pixel  lines 


Thep  stands  for  progres 
sive  scanning.  Here,  the  se 
paints  the  entire  picture  ir 


i80i  unless  you  use  a  spe-  tributing  writer  in  Worcester, 
al,  more  expensive  type  of  Mass.  You  can  contact  him  at 
iterconnecting  cable  called  I  russkay@charter.net 


Scanning  speed  that  blows  away  the  competition .  The  dependable  i780  scans  at  up  to 
130  ppm— even  when  scanning  at  300  dpi  resolution  in  color,  grayscale  or  black-and-white, 
in  dual  stream  mode,  with  all  advanced  features  enabled.  Gain  gale-force  productivity. 


Kodak  i780  Scanner 


Kodak 
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the  phone  company  have 
Caller  ID?)  I  finally  reached 
a  technical  specialist,  who 
asked  for  my  phone  number 
and  security  code  —  again. 
When  1  explained  my  prob¬ 
lem,  he  said,  “I  don’t  know, 
let  me  check  the  manual." 

Unfortunately,  he  had 
the  same  manual  and  was 
also  a  mere  mortal.  After 
20  minutes  of  the  blind 
leading  the  blind,  I  was 
asked  to  hold  for  an  expert. 
Fifteen  minutes  later,  I  was 
disconnected. 

I  called  back  through 
the  same  irritating  IVR 
and  security  process.  (Is 
this  really  necessary?  How 
many  people  steal  phones 
and  then  call  customer 
service?)  I  was  finally  con¬ 
nected  to  another  support 


But  that  wasn't  the  end 
of  my  nightmare.  My  first 
PDA  bill  was  significantly 
higher  than  quoted,  in¬ 
cluding  several  mysteri¬ 
ous  “one-time”  charges. 
The  billing  department 
rep  couldn’t  decipher  my 
charges  either.  He  prom¬ 
ised  to  call  back  within  15 
minutes  but  never  did.  Four 
hours  later,  I  tried  again, 
without  resolution. 

Only  after  threatening 
to  switch  carriers  was  I 
introduced  to  a  “problem- 
resolution  specialist,”  who 
discovered  that  someone 

■  The  phrase 
‘customer  service’ 
shouldn’t  be  an 
oxymoron. 


unsuccessfully  to  make  it 
work.  Two  barely  spoke 
English.  None  could  find 
the  setting  described  in  the 
manual.  Eventually  they 
gave  up,  assumed  the  device 
was  defective  and  shipped 
me  a  new  one.  (Ironically,  a 
subsequent  rep  used  a  dif¬ 
ferent  configuration  method 
—  the  original  hardware 
may  not  have  been  defective 
after  all.) 

Nearly  everyone  has 
similar  stories.  Colleagues 
with  incomprehensible 
manuals  report  being 
charged  for  product  capa¬ 
bility  questions.  One  was 


oxymoron.  It  has  always 
been  a  valuable  customer- 
retention  tool,  and  it’s 
increasingly  becoming 
an  important  market  dif¬ 
ferentiator.  Corporations 
and  IT  organizations  that 
choose  to  cut  corners  in 


Bart  Parkins  is  managing 
partner  at  Louisville,  Ky.- 
based  Leverage  Partners 
Inc.,  which  helps  organiza- 
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Optimizing  Application 
Delivery  for  the  Enterprise 


For  additional  information  visit  www.itmanagementsummit.com 
or  contact  Kerry  Lafond  at  888-299-0155. 


OCTOBER  20.  2008 


IT|careers 


Request  for  Provision  of 
Services  for  Website  Upgrade 

The  Barbados  Tourism  Authority  (BTA),  a  statutory  agency 
responsible  for  marketing  Barbados  as  the  premier  globally 
competitive  year-round  warm  weather  destination, 
operates  the  website,  www.visitbarbados.org,  which  forms 
an  integral  part  of  its  marketing  communication  strategy. 

The  BTA  is  inviting  vendors  to  submit  proposals  for  the 
provision  of  services  for  its  website,  which  is  now  in  its 
fourth  year  of  operation: 

Responsibilities  include: 

1 .  Upgrading  and  managing  the  website  including: 
a.  Design  modifications 


b.  Updates 

c.  Maintenance  &  monitoring 

d.  Online  marketing 

2.  Implementation  and  management  of  an  e-commerce 
solution  for  the  website. 

Vendors  are  requested  to  submit  proposals  which  will 
outline: 

1 .  The  services  to  be  provided  and  the  associated  costs. 

2.  How  they  will  work  with  the  BTA  in  the  provision  of 
these  services. 

3.  Proposed  contracts  for  the  services  to  be  provided. 

Requests  for  copies  of  the  detailed  information  can  be  sent 
by  email  to  charlesw@visitbarbados.org  and  should  be 
titled  Request  for  \M?bs/te  Upgrade  Information. 

Closing  date  for  submissions  is  1 2:00  Noon 

On  Monday,  November  10,  2008. 
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SharHank 

TRUE  TALES  OF  IT  LIFE  AS  TOLD  TO  SHARKY 


Delivered  as  Promised 


so  on,"  says  a  pilot  fish  on  the 
consultant  team.  Finally,  a 
database  admin  steps  forward 
to  take  charge.  "There  will  be 


later,  the  database  is  finally 


mediately  start  testing  their 
application  against  it.  using 
a  subset  of  valid  employee 


could  the  problem  be?  fish 
asks.  Is  the  test  data  we  used 
out  of  date?  “Ho  "replies 
database  admin. ‘You  aren't 


no  data  in  the  database.  Re- 


sure  there  was  no  bad  data 
-  so  we’re  starting  with  an 
empty  database."  Sighs  fish, 
"There's  no  bad  data  because 
there's  no  data.  A  plan  so 
simple,  and  yet  so  brilliant!" 
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I  FRANKLY  SPEAKING 


Rules  for  Users 


N  NOVEMBER,  a  federal  judge  in  New  York  will  decide 
whether  to  fix  a  user’s  spreadsheet  error.  Does  that 
sound  like  overkill?  Well,  the  judge  is  in  charge  of  the 
biggest  bankruptcy  in  U.S.  history,  and  the  spreadsheet 
lists  hundreds  of  assets  involved  in  that  bankruptcy. 

Now  does  it  sound  more  like  a  federal  case? 


Here’s  what  happened: 
On  Sept.  15,  giant  in¬ 
vestment  bank  Lehman 
Brothers  collapsed  into 
bankruptcy.  Three  days 
later,  lawyers  for  Barclays 
Capital  were  furiously 
working  to  finish  up  an 
agreement  to  purchase 
some  of  Lehman’s  assets 
in  time  to  meet  a  bank¬ 
ruptcy  court  deadline. 

Those  assets  —  con¬ 
tracts  that  were  worth 
money  to  Lehman  — 
were  listed  in  a  spread¬ 
sheet.  One  of  the  spread¬ 
sheet’s  columns  indicated 
whether  Barclays  wanted 
the  assets  with  a  “Y"  for 
yes  and  “N”  for  no. 

A  Lehman  exec  sent 
the  spreadsheet  to  Bar¬ 
clays’  law  firm  barely 
four  hours  before  the 
deadline.  But  it  had  to  be 
converted  from  Excel  to 
a  PDF  to  be  submitted  to 
the  court.  An  associate 
lawyer  glanced  at  the 
spreadsheet,  saw  noth¬ 
ing  but  Y’s  in  the  “Do  we 
want  it?”  column,  and 
sent  it  to  a  law  clerk  with 


instructions  to  cut  out 
certain  columns  and  turn 
it  into  a  PDF. 

You  can  see  what’s 
coming,  can’t  you? 

The  clerk  cut  out  the 
columns,  then  saw  that 
some  of  the  rows  were 
formatted  oddly.  He 
reformatted  the  spread¬ 
sheet  into  nice,  even  rows 
and  converted  the  result 
to  a  PDF,  then  sent  it  back 
to  the  associate,  who 
posted  the  file  without 
even  looking  at  it. 

No  one  noticed  that  the 
new  version  was  179  rows 
longer  than  the  original. 
In  fact,  20%  of  the  items 
in  the  spreadsheet  —  the 
ones  with  an  “N"  —  had 
been  hidden  automati¬ 
cally  using  an  Excel  func¬ 
tion.  When  the  clerk  cut 
out  the  “Do  we  want  it?" 

■  Keep  it  simple. 
Don’t  make  as¬ 
sumptions.  And 


you  really  have  to. 


column,  they  reappeared. 

Oops. 

The  Lehman-Barclays 
deal  closed  on  Sept.  22. 
The  mistake  wasn’t  dis¬ 
covered  until  Oct.  I,  nine 
days  later.  Now  Barclays 
is  hoping  the  court  will 
let  it  off  the  hook  for  mil¬ 
lions  of  dollars  in  assets 
it  never  intended  to  buy. 

It’s  easy  for  IT  people 
to  feel  smug  when  we 
hear  a  story  like  this. 
Some  power  user  used  a 
fancy  feature  to  pretty  up 
a  spreadsheet.  Another 
user  made  assumptions 
and  gave  explicit  instruc¬ 
tions  to  a  third  user,  who 
followed  those  instruc¬ 
tions  to  the  letter. 

If  only  these  users  had 
been  more  tech-sawy 
—  Or  had  consistent  stan¬ 
dards  for  using  Excel,  or 
had  a  better  quality- 
control  process,  or  had 
taken  time  to  verify  the 
data  —  they  wouldn’t 
have  had  this  problem. 
Right? 

Except  that  the  spread¬ 
sheet  was  created  at  one 


company  and  sent  to  a 
competitor’s  law  firm,  so 
forget  about  consistent 
standards.  Quality  con¬ 
trol?  This  was  a  one-off 
spreadsheet  for  a  one-off 
deal.  Time?  It  didn’t  exist. 

Actually,  just  spot¬ 
checking  the  finished 
list  against  the  original 
spreadsheet  would  have 
caught  the  foul-up:  22  of 
the  70  items  on  the  first 
page  weren’t  supposed  to 
be  there.  (Yes,  I  counted 
them  myself.) 

In  other  words,  being  a 
lot  less  tech-savvy  —  or 
at  least  a  lot  less  trusting 
of  technology  —  could 
have  saved  the  day. 

Look,  we’ve  put  pow¬ 
erful  tools  in  the  hands 
of  our  users.  We  can’t 
warn  them  about  every 
risk.  But  we  can  remind 
them  early  and  often  of 
some  basic  principles  of 
using  technology:  Keep 
it  simple.  Don’t  make  as¬ 
sumptions.  And  never, 
ever  trust  tech  more  than 
you  really  have  to. 

Following  any  one  of 
those  rules  could  have 
avoided  a  court  date  to 
clean  up  this  mess. 

And  once  we’ve  gently 
drummed  those  prin¬ 
ciples  into  users’  heads, 
maybe  we’d  do  well  to  ap¬ 
ply  them  ourselves.  ■ 

Frank  Hayas  is  Computer- 
world's  senior  news 
columnist.  Contact  him 
atfrank_hayes@ 
computerworld.com. 


The  fastest  way  to  have  a  connected  workplace. 


interfaces,  rules-based  business  processes,  dashboards, 
and  other  innovations  -  without  rewriting  your  code. 

Ensemble  includes  interSystems  Cache*,  the  world’s 
fastest  object  database.  Cache's  lightning  speed,  massive 
scalability,  and  rapid  development  environment  give 
Ensemble  unmatched  capabilities. 

For  30  years,  we've  been  a  creative  technology 
partner  for  leading  enterprises  that  rely  on  the  high 
performance  of  our  products.  Ensemble  and  Cache  are 
so  reliable  that  the  world's  best  hospitals  use  them /or 
life-or-death  systems. 
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See  product  demonstrations  at  InterSystems.com/Connectl7A 


If  knowledge  is  power,  then  managing  it  is  genius. 


